General discussion
March 15, 2000 at 1:52 am #2082265
Ed Bott’s Microsoft Challenge–March 16,
Locked · by ebott · about 24 years ago
It’s every administrator’s nightmare. You’ve just taken over a new job after the previous administrator left unexpectedly, and none of the surviving IT staffers know the password for a key Windows 2000 server. What alternatives do you have? I’m interested in third-party tools as well as functions built in to the operating system. I’ll pass out a total of 1,000 TechPoints for the best solutions. If you can help, click here to tackle this week’s Microsoft Challenge. Don’t delay, though. I’ll accept answers only until Thursday, March 23.
All Comments
-
March 15, 2000 at 2:06 am #3898158
Ed Bott’s Microsoft Challenge–March 16,
by wired_777 · about 24 years ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
l0pht.com has a password cracking utility for Windows NT that can crack most passwords using a dictionary or hybrid brute force/dictionary search 90% of the time in under 48 hours on a Pentium II 300.
-
September 20, 2000 at 7:02 pm #3739465
Ed Bott’s Microsoft Challenge–March 16,
by ebott · about 23 years, 6 months ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
The question was auto-closed by TechRepublic
-
-
March 15, 2000 at 7:19 am #3898155
Ed Bott’s Microsoft Challenge–March 16,
by lemasney · about 24 years ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
How about the su.exe [appropriately named] utility that is included with the beta evaluation tools for win2k? Although I haven’t tried it, it’s described as though it could get you in enough to play around as an arbitrary user and then use one of the 64k bugs to sploit. :]
-
March 15, 2000 at 7:32 am #3898154
Ed Bott’s Microsoft Challenge–March 16,
by venraju · about 24 years ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
I agreed with the first answer. I don’t have any other idea than that one.
-
March 15, 2000 at 7:49 am #3898152
Ed Bott’s Microsoft Challenge–March 16,
by avachon · about 24 years ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
Look at http://www.pwcrack.com . They offer password cracking utilities for virtually any kind of lockout (admin., msoffice, etc.).
-
March 15, 2000 at 8:57 am #3898150
Ed Bott’s Microsoft Challenge–March 16,
by j2k · about 24 years ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
I’ve had that very problem before. Check out http://www.winternals.com/products/ntlocksmith.shtml . It’s $49, but well worth it. You can change any account that is on the system.
-
March 15, 2000 at 7:23 pm #3898137
Ed Bott’s Microsoft Challenge–March 16,
by andy_p · about 24 years ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
This product is now in its third year. As long as you have access to the floppy you can change any user password.
I’ve mainly used it for NT4 but the product does support 2000: http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
It’s also free.
-
March 15, 2000 at 9:08 pm #3898133
Ed Bott’s Microsoft Challenge–March 16,
by moflic · about 24 years ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
You can’t.
Brute force can take months to complete if that guy that left was a real administrator and put on a real password.
The answer above leads to a page that says 2000 support is broken.
Maybe next year….
-
March 15, 2000 at 10:15 pm #3898131
Ed Bott’s Microsoft Challenge–March 16,
by egil.danielsen · about 24 years ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
I have to agree with j2k@twcny.rr.com, proposed answer 5.
With a null modem cable and a laptop it’s possible to change the Administrator’s password with this tool. I have used it several times and it does the job quick and easy.
-
March 15, 2000 at 10:19 pm #3898130
Ed Bott’s Microsoft Challenge–March 16,
by msullivan · about 24 years ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
I will assume that this is a member server and not a DC. If it were a DC you should contact your previous employer and find out if they have filled your job yet. Additionally, I will assume that the administrator account is the ONLY administrator on the box (otherwise, the first thing I would try is a test of cached passwords to see if they still exist on win2k).
The rest of these suggestions should be followed by “But I haven’t tried it yet!”
Win2k has a new file called SAM.sav in the system32\config directory. That may be helpful for rolling back the SAM. Hmmm…There is also a SAM.log file, I wonder what that does?
My next step would be to try replacing the SAM hive with a known quantity using a dual boot scenario. (always make a backup…yada yada yada)
While all of this is going on, I would be surfing the web to find a cracking tool that will work against the win2k SAM.
Good Luck
Mike Sullivan
-
March 16, 2000 at 2:04 am #3898125
Ed Bott’s Microsoft Challenge–March 16,
by tony k · about 24 years ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
Okay, most of the answers above won’t work. The bootdisk mentioned works fine for NT4, But, the first line on its webpage is that W2K support is broken. It also won’t work on a server with a stripe set. Besides, it’s a server, you don’t reboot servers (at least, I never do).
Su won’t work, because you’ll need the admin password. There aren’t 64K bugs, just poor reporting and lies.
Locksmith also doesn’t work on machines with versions higher than SP4.
L0pht won’t work, either, it relies on NT4’s failings. It also won’t work if you don’t have a password that’s in a dictionary.
But, there is ONE vulnerability in 2000 that existed in NT4, and can be done while the server’s online:
Go into %systemroot%\system32.
Ren logon.scr to logon.old
Copy cmd.exe to logon.scr
Logoff, and wait for the “screensaver” (you’ll get a command prompt).
Under NT4, run musrmgr, under 2000, run mmc.
You’ll need to add user/group support to the MMC, you can then change any password you want.
Easy fix for
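A defender's check for the screensaver swap described in the post above, as an added example that is not part of the original thread: it flags a `logon.scr` that is byte-identical to a command interpreter, or a renamed original left beside it. The function names, the interpreter list and the backup names other than `logon.old` are assumptions; point it at a live `system32` directory or at one on a mounted disk image.

```python
import hashlib
from pathlib import Path

# Interpreters that could be copied over the logon screensaver (assumed list).
SHELL_NAMES = ("cmd.exe", "command.com")
# Names the original screensaver may have been renamed to; logon.old is the
# name used in the post, the others are assumptions.
BACKUP_NAMES = ("logon.old", "logon.bak", "logon.scr.old")


def sha256_file(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_ci(directory, name):
    """Case-insensitive lookup, so a mounted image on a case-sensitive FS works."""
    for entry in Path(directory).iterdir():
        if entry.is_file() and entry.name.lower() == name.lower():
            return entry
    return None


def check_logon_screensaver(system32):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    scr = find_ci(system32, "logon.scr")
    if scr is None:
        return ["logon.scr is missing"]
    findings = []
    scr_hash = sha256_file(scr)
    for name in SHELL_NAMES:
        shell = find_ci(system32, name)
        if shell is not None and sha256_file(shell) == scr_hash:
            findings.append(f"logon.scr is byte-identical to {shell.name}")
    for name in BACKUP_NAMES:
        backup = find_ci(system32, name)
        if backup is not None:
            findings.append(f"renamed screensaver candidate present: {backup.name}")
    return findings


if __name__ == "__main__":
    import sys
    for finding in check_logon_screensaver(sys.argv[1]):
        print("ALERT:", finding)
```

The swap only works for someone who can already write to `system32`, so a finding here also means the permissions on that directory need review.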
-
March 16, 2000 at 10:15 am #3898111
Ed Bott’s Microsoft Challenge–March 16,
by curious_george · about 24 years ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
Both ERD PRO and the Linux Pwd changer boot disk will boot to command line and ignore NTFS security. Then you can access the SAM database directly and create a new pwd. You can’t see the old password but you can create a new one for the local admin.
-
March 16, 2000 at 11:53 am #3898109
Ed Bott’s Microsoft Challenge–March 16,
by higun@silverado · about 24 years ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
Not knowing how many servers total but assuming there is backup for this locked one; do a forced shutdown so backup server kicks in or load is balanced through network fault-tolerance, remove hard drive, insert in clean machine with no memory of a password, boot up with machine in backup role, choose new password, then promote.
-
March 16, 2000 at 12:31 pm #3898108
Ed Bott’s Microsoft Challenge–March 16,
by amnezia · about 24 years ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
Seem to remember a note from Jeff Davis about this. Something to do with installing W2K into a second folder – at the time of the first installation. Should this situation occur, use a boot disk to access the second copy of W2K, use the admin login (BLANK) to get access, then …..
But I guess this’s no use in your situation …
-
March 19, 2000 at 12:10 am #3898043
Ed Bott’s Microsoft Challenge–March 16,
by fpling · about 24 years ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
The solution as posted at http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html will work. But some work needs to be done to turn off the syskey. Use the chntpw utility to edit the system registry. Then you can nullify the admin password, or whoever’s password you wish to nullify. True, that it will create weirdos to the SAM file. However, it will only affect the user passwords database. I think this tool is the best!
-
March 21, 2000 at 1:38 am #3897945
Ed Bott’s Microsoft Challenge–March 16,
by jtjammer · about 24 years ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
http://www.winternals.com/products/ntlocksmith.shtml
Been there, used this, no problem.
James Todd
jtodd@pf-inc.com
-
March 21, 2000 at 5:03 am #3901782
Ed Bott’s Microsoft Challenge–March 16,
by nancy.shelton · about 24 years ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
Install Windows 2000 server on another hard drive; create an Administrator USER ID and password. Slave the second hard drive on the server. Change the password for the other Administrator ID.
-
March 22, 2000 at 4:59 am #3901698
Ed Bott’s Microsoft Challenge–March 16,
by tony k · about 24 years ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
Okay, I’m sorry, but now I see why NT Admins have the rep they do….the problem calls for hacking a Windows **2000** server, not an **NT4** server. You need to read the problem, and provide a solution that will work for the problem in front of you.
L0pht won’t work. Locksmith won’t work. The Linux boot floppy won’t work. They only work on NT4, and ONLY if the previous admin was lax on security. (Well, the boot floppy would work on a syskeyed system if you want to go manually reset every user’s PW…)
If you’re going to post a solution, at least take the 2-3 minutes it takes to TEST to see if it will actually work.
-
March 22, 2000 at 2:16 pm #3901674
Ed Bott’s Microsoft Challenge–March 16,
by c_hall · about 24 years ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
Don’t know if it will work for a Win2k server, but when I was at Raytheon, a co-worker of mine had a Linux utility that booted the machine to Linux at power-up. After the machine booted, you were greeted with “Change your NT password?” The disk was, of course, used only in emergencies most dire… He claimed to have found it on the web.
-
June 22, 2000 at 2:41 am #3784419
Ed Bott’s Microsoft Challenge–March 16,
by rhenderson · about 23 years, 9 months ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
Install a second occurrence of Windows 2000 Server, sign on as administrator and change the previous installation’s administrator’s password. Reboot to the original installation and delete the second install.
-
June 22, 2000 at 8:20 am #3783888
Ed Bott’s Microsoft Challenge–March 16,
by johnnyextreme · about 23 years, 9 months ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
In order to test the effectiveness of our password policy I used a shareware application called L0phtcrack 2.5 which I downloaded from http://www.L0pht.com (that’s a zero, not an o). This utility takes the password hashes directly from the registry of the computer it’s installed on, or remotely from any server the user has administrative rights on, and runs a brute force hack on it to discover the passwords. On one complicated password (11 characters and alphanumeric) it took 15 hours, but it did finally display the entire password. The program figured out the last 3 characters almost immediately, which might help “surviving” IT staffers figure out the rest of it.
-
September 20, 2000 at 7:02 pm #3739464
Ed Bott’s Microsoft Challenge–March 16,
by ebott · about 23 years, 6 months ago
In reply to Ed Bott’s Microsoft Challenge–March 16,
This question was auto closed due to inactivity